Releases: trongate/trongate-framework
v1.3.3031 Various Tweaks and Fixes
This release brings an assortment of minor tweaks and bug fixes to the table. Nothing particularly important or interesting, to be honest. No big deal. Enjoy!
Added Cross-Site Request Forgery (CSRF) Protection
RELAX! This update does not add any breaking changes.
I received a few requests to add some kind of protection against cross-site request forgery. This is a type of attack that happens when somebody from another site submits forms to one of your own endpoints.
Now, you can have all of this working out of the box. You don't have to change what you're doing at all. For the record, here's how it works.
When you close a form with form_close(), Trongate will now do more than just create a closing form tag - it will also generate a hidden form field named 'csrf_token'. Provided your submit button has a name of 'submit', Trongate will automatically make sure the csrf_token can be validated against the user's session ID. All of the magic happens inside the engine folder.
To summarise:
- In order to activate CSRF protection, simply do the following two things (you're probably already doing them!):
1). use the form_close() method to close your forms.
2). make sure the submit button on your form has a name of 'submit'.
Do those two things and CSRF protection will be enabled for you automatically!
By the way, if you have followed any of my tutorials or any of the docs then you should automatically be producing code that will activate CSRF protection. So, there's no need to change how you work. Just make sure your engine folder is up to date and you'll be good to go.
Cheers!
DC
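The hidden-field check described in this release, sketched as an added example that is not Trongate's engine code. The function names, the secret and the HMAC-of-session-ID derivation are assumptions chosen for illustration, and the session IDs and POST bodies are constructed sample data.

```php
<?php
declare(strict_types=1);
// Added illustration only; NOT Trongate's engine code. All names are hypothetical.

// Assumption: a per-application secret stored outside the web root.
const EXAMPLE_SECRET = 'constructed-sample-secret-change-me';

// Derive a token that is bound to the visitor's session ID.
function example_csrf_token(string $session_id): string {
    return hash_hmac('sha256', $session_id, EXAMPLE_SECRET);
}

// Stand-in for a form_close()-style helper: hidden field, then the closing tag.
function example_form_close(string $session_id): string {
    $token = htmlspecialchars(example_csrf_token($session_id), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">' . "\n</form>";
}

// Check run before controller logic. It is keyed on the 'submit' field,
// mirroring the condition stated in the release note (an assumption here):
// a form whose button has another name would not be checked by this sketch.
function example_csrf_ok(array $post, string $session_id): bool {
    if (!array_key_exists('submit', $post)) {
        return true; // not a form submission as defined above
    }
    $sent = $post['csrf_token'] ?? '';
    // Reject arrays and other non-string values, then compare in constant time.
    return is_string($sent) && hash_equals(example_csrf_token($session_id), $sent);
}

// Constructed sample data: two unrelated sessions.
$user_session  = 'sess-constructed-1111';
$other_session = 'sess-constructed-2222';

// What the closing helper would emit into the user's own form.
echo example_form_close($user_session), "\n";

// 1) Same-site post carrying the token issued for this session.
$legit = ['name' => 'Ann', 'submit' => 'Submit',
          'csrf_token' => example_csrf_token($user_session)];
// 2) Cross-site post: the other site cannot read the hidden field, so no token.
$missing = ['name' => 'Ann', 'submit' => 'Submit'];
// 3) Cross-site post reusing a token that belongs to a different session.
$wrong = ['name' => 'Ann', 'submit' => 'Submit',
          'csrf_token' => example_csrf_token($other_session)];

foreach ([$legit, $missing, $wrong] as $post) {
    var_dump(example_csrf_ok($post, $user_session));
}
```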
Added New Starter Template
Trongate is good and fast when it comes to the business of building admin panels. However, when it comes to building entirely unique designs things start to get a little bit slow. This update introduces a new 'starter' template, complete with an app.js file and an app.css file.
With our new starter template, we now have the ability to quickly build sites that have entirely custom designs. Better still, we now have the ability to use the code generator and use generated code within our custom designs. So, all of the things that we've come to expect from the admin panel, such as pop-up calendars, side nav menus, modals and so on, are now all available for any design that you like.
I look forward to posting some tutorials on this soon, perhaps on YouTube. In the meantime, I hope you enjoy the new feature.
Correction to Validation Helper
This version introduces a fix to our form validation helper. Thanks to Claudia for raising this. We also had a good suggestion from Andrew Suares added here. This one allows you to optionally declare a variable type as an optional second argument. Refer to docs for segment() method for details.
v1.3.3027
We have a new, alternative form validation technique protocol. Our existing 'pipe' method is good and it works. That system will remain and function as normal. However, sometimes - when setting form validation rules - they can run off the page (because the lines of syntax are so long) and that can be an irritation. Now, you can set your validation rules by building a PHP array. The end result is an alternative syntax that is a little bit more compact than what we've been using up until now. Please refer to the documentation for full instructions. It's explained in the 'Form Handling' section.
This update also fixes a minor glitch on TrongateCSS that was causing textarea fonts to look slightly rubbish. Keep in mind, the Desktop App will only update the engine folder. So, to get the latest version of Trongate CSS on an existing site, you may have to take a trip to GitHub and 'pluck out' the latest trongate.css file from the Trongate current framework.
There will also be a YouTube video, showing you how this new validation works.
Pre-Launch v1.3.3026
This update brings a range of improvements to the token security system for Trongate. The trongate_security module has been simplified. The trongate_tokens module has been vastly improved. Full details are to be found on the online docs.
PLEASE NOTE: We are STILL pre-launch so expect bugs and more tweaks over the next two to three weeks. If you are using Trongate with a commercial, high-priority project then it may be worth NOT upgrading and waiting until we have a 'post launch' version of the framework out. Once again, this is pre-launch - expect bugs. It's normal. Enjoy!
Pre-Launch v1.3.3025
This is the pre-launch version of the Trongate framework. Expect lots of bug fixes over this next two to three weeks.
The V1 Point Infinity Update - Scroll down to 'assets' to get the desktop app
This is a major update. The main changes here are: we now have the ability to have different admin panel themes. Also, there are a couple of syntax tweaks (detailed below). Finally, we now have our own CSS and JavaScript libraries. So, no more third party libraries! This is something I'm very excited about because not only has it given Trongate a massive performance boost, it has also given us the ability to enjoy industry leading levels of stability. This is because we are no longer at the mercy of somebody else's rewrite schedule.
A full video walkthrough of everything you need to know can be found here: https://youtu.be/5GARWIgb0mU.
TWO SYNTAX CHANGES
//fetching variables from URL
OLD: $name = $this->url->segment(3);
NEW: $name = segment(3);
//fetching posted variables
OLD: $name = $this->input('name', true);
NEW: $name = post('name', true);
I hope you enjoy this update. Full docs expected in about 2 to 3 weeks' time.
Macho love,
DC
PS - The desktop app can be downloaded from the links below. At the moment, I just have Mac and Linux. I expect to have Windows added within the next 24 hours.
Fixed typo and a little rewiring of the model
Here we have a typo correction and also a little rewiring of how the model fetches the table name. The latter should mean that the model can fetch correct table names, without actively declaring them - even in scenarios where we are using custom routing. It's just a little bit faster and a little bit better. No big deal.